Copilot Spoofing Vulnerability in Microsoft Products
CVE-2025-59272

9.3CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Copilot's Business Chat
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-59272?

The Copilot Spoofing Vulnerability presents a significant risk by allowing malicious actors to impersonate the Copilot feature in Microsoft products, potentially misguiding users and leading to unauthorized actions. This vulnerability emphasizes the importance of implementing strong authentication mechanisms and user awareness to safeguard against such deceptive tactics.

Affected Version(s)

Microsoft 365 Copilot's Business Chat Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Sep 11, 2025

JSON